Analysis

  • max time kernel
    114s
  • max time network
    119s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    28/11/2024, 05:53

General

  • Target

    77c37dea54825b69e81b9d14ac1747613180e33c7ddda8b8c1f7db6a727898e5.exe

  • Size

    61KB

  • MD5

    9aa4fe48c6c10382a6e0a8bf173de4d4

  • SHA1

    1a73200f7c814359918d3de71464c6c8c5e9fe6d

  • SHA256

    77c37dea54825b69e81b9d14ac1747613180e33c7ddda8b8c1f7db6a727898e5

  • SHA512

    d449c7b5738a3f371d1d5633559f47443550efbdda0ab940d9d54f4828a8dfc5d9ba3df3a053a2a805540a9096355c1aedcdcb7e099538493fbee61472785ec1

  • SSDEEP

    1536:Md9dseIOcE93bIvYvZEyF4EEOF6N4yS+AQmZWl/5l:0dseIOMEZEyFjEOFqTiQmUl/5l

Malware Config

Extracted

Family

neconyd

C2

http://ow5dirasuek.com/

http://mkkuei4kdsz.com/

http://lousta.net/

Signatures

  • Neconyd

    Neconyd is a trojan written in C++.

  • Neconyd family
  • Executes dropped EXE 3 IoCs
  • Drops file in System32 directory 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

    Attempt to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Suspicious use of WriteProcessMemory 9 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\77c37dea54825b69e81b9d14ac1747613180e33c7ddda8b8c1f7db6a727898e5.exe
    "C:\Users\Admin\AppData\Local\Temp\77c37dea54825b69e81b9d14ac1747613180e33c7ddda8b8c1f7db6a727898e5.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:2276
    • C:\Users\Admin\AppData\Roaming\omsecor.exe
      C:\Users\Admin\AppData\Roaming\omsecor.exe
      2⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1048
      • C:\Windows\SysWOW64\omsecor.exe
        C:\Windows\System32\omsecor.exe
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:3524
        • C:\Users\Admin\AppData\Roaming\omsecor.exe
          C:\Users\Admin\AppData\Roaming\omsecor.exe
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:1912

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    61KB

    MD5

    49214746444751fa8e4c9633c0d85105

    SHA1

    62cc433a54336e778d9ce27a1c13e2b433f67feb

    SHA256

    2f365e4daba27c32ea4a469260711b5441ebfe4363eb78e9beaf47fde277174b

    SHA512

    1b2b84c4996abf8c89d5b188698e3bb27418a056af9b4fd21fd4f5f9e6694167f97b14d03a1dd1fb3fefc2c5e2abb67d3f9d617abaad99df06e6f053e5e18ea1

  • C:\Users\Admin\AppData\Roaming\omsecor.exe

    Filesize

    61KB

    MD5

    9cd614f027807783dade1ff6c9936a5c

    SHA1

    d55f7b3b87c4ee8b7c5e74b7a2dfa08f653e89ab

    SHA256

    636dd11c39ce0208ce42eb8d271f9e3af6b5590539fef6b4655032be2e30f6fe

    SHA512

    55224863f91bab378ff38187fc367c4874ecbd6cda8829b726f09c5f3b22eaa430cc20cede06dc2e1a5bc99dad4b859bf8566c3e559df71ca819cff43e32aa59

  • C:\Windows\SysWOW64\omsecor.exe

    Filesize

    61KB

    MD5

    79e4be2a0aad24bd3db3a2eacbce6761

    SHA1

    4bd1c20e52750f23826a01a9dce854b09e1caa43

    SHA256

    7a47bc1e4a354721b4c1dc5ba350639c7c5e0951e66e054cae0ffce1b1000b29

    SHA512

    0e9bee6b398138bd1b021d60d864cb96bef56132ba0c8ead9ba063a1b77b617563b388e09e33dfa49c8e11b3a95f72db2023ccda577b99a3a7971bc50182f7dc